Question & Answer
Question
Where is the user permission for "Tivoli Enterprise Portal Authorities" are stored in TEPS database? How can we list them for each user?
Answer
Look at the user permission screenshot. The user permission can be modified by selecting user icon from Tivoli Enterprise portal. Only the user has the Administrative privilege can change the user permission for other users.
The question is, where are the individual user permissions like Action, Event etc for each user stored. The user permission is stored in the KFWUSER.AUTH column of KFWUSER table in TEPS DB and it stored as an unsigned integer. This value represents a bit-mask, where each bit position corresponds to a specific permission. Here is the bit-mask mapping to use for bit testing:
for example,
In my system, for SYSADMIN id the KFWUSER.AUTH value is "252645438" and it has both "View and Modify" Action Permission.
INSERT INTO KFWUSER ( ID, NAME, TEXT, AFFINITIES, AUTH, AUTHEX, LSTDATE, LSTUSRPRF ) VALUES ( 'SYSADMIN', 'SYSADMIN', 'Administration', '################################00000000000', 252645438, 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000000000000000000000000001', '1171019080326000', 'SYSADMIN' );
How do we get the user permission?
Just to illustrate the example here. the AUTH column in my example contains the following unsigned integer value: 252645438. This represents the following binary number:
1111000011110001000000111110
So if you use the above mapping , the MODIFY_USER permission is allocated to the bit position representing a value of x'02' in hexadecimal:
MODIFY_USER, // X'.......2
which would correspond to the position below in the binary number (bit is on):
00000000000000000000000010
As you can see from the example, this user does have the MODIFY_USER permission, because that bit position is "on" (contains a 1).
In DB2, there are BIT scalar functions which you should be able to use in an SQL statement to determine if a particular bit within the two's complement representation of the unsigned integer value is on or not. The detailed DB2 query to get the bit is not scope of this document.
Was this topic helpful?
Document Information
Modified date:
23 October 2018
UID
ibm10732475